selinux: add pstore

Used to record the Android log messages, then on reboot provide a means to triage user-space actitivies leading up to a panic. A companion to the pstore console logs. Change-Id: I9b94ee3d5e94e0c4590ba8453b4ac1ebdfc7603f

selinux: add pstore
34d32ea1 · Mark Salyzyn · 3b0988c5 · 34d32ea1 · 34d32ea1 · 34d32ea1
Commit 34d32ea1 authored 10 years ago by Mark Salyzyn
--- a/device.te
+++ b/device.te
@@ -9,6 +9,7 @@ type block_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
 type loop_device, dev_type;
+type pmsg_device, dev_type, mlstrustedobject;
 type radio_device, dev_type;
 type ram_device, dev_type;
 type vold_device, dev_type;

--- a/file_contexts
+++ b/file_contexts
@@ -66,6 +66,7 @@
 /dev/mpuirq		u:object_r:gps_device:s0
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtp_usb		u:object_r:mtp_device:s0
+/dev/pmsg0		u:object_r:pmsg_device:s0
 /dev/pn544		u:object_r:nfc_device:s0
 /dev/ppp		u:object_r:ppp_device:s0
 /dev/ptmx		u:object_r:ptmx_device:s0

--- a/shell.te
+++ b/shell.te
@@ -9,9 +9,12 @@ net_domain(shell)
 # XXX Transition into its own domain?
 app_domain(shell)
-# logd access
+# logcat
 read_logd(shell)
 control_logd(shell)
+# logcat -L (directly, or via dumpstate)
+allow shell pstorefs:dir search;
+allow shell pstorefs:file r_file_perms;
 # read files in /data/anr
 allow shell anr_data_file:dir r_dir_perms;

--- a/te_macros
+++ b/te_macros
@@ -328,6 +328,7 @@ userdebug_or_eng(`
  allow $1 logd_debug:file w_file_perms;
 ')
 unix_socket_send($1, logdw, logd)
+allow $1 pmsg_device:chr_file w_file_perms;
 ')
 #####################################